1. The Future of Machine Learning and Cybersecurity

    The Center for Security and Emerging Technology has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” Here’s the bottom line:

    The report offers four conclusions:

    • Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases these technologies are elaborations on long-standing methods — not fundamentally new approaches — that bring new attack surfaces of their own.
    • A wide range of specific tasks could be fully or partially automated with the use of machine learning, including some forms of vulnerability discovery, deception, and attack disruption. But many of the most transformative of these possibilities still require significant machine learning breakthroughs. ...
  2. Friday Squid Blogging: Video of Giant Squid Hunting Prey

    Fantastic video of a giant squid hunting at depths between 1,827 and 3,117 feet.

    This is a follow-on from this post.

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read my blog posting guidelines here.

  3. Peloton Vulnerability Found and Fixed

    Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device.

    The attack requires physical access to the Peloton, so it’s not really a practical attack. President Biden’s Peloton was not in danger.

  4. Intentional Flaw in GPRS Encryption Algorithm GEA-1

    General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.”

    GEA-1 was designed by the European Telecommunications Standards Institute in 1998. ETSI was — and maybe still is — under the auspices of...

  5. Paul van Oorschot’s Computer Security and the Internet

    Paul van Oorschot’s webpage contains a complete copy of his book: Computer Security and the Internet: Tools and Jewels. It’s worth reading.

  6. VPNs and Trust

    TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court orders, what country they are incorporated in, and so on.

    Most interesting to me are the home countries of these companies. ExpressVPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama. There are VPNs from the Seychelles, Malaysia, and Bulgaria. There are VPNs from more Western and democratic countries like the US, Switzerland, Canada, and Sweden. Presumably all of those companies follow the laws of their home country...

  7. Andrew Appel on New Hampshire’s Election Audit

    Really interesting two-part analysis of the audit conducted after the 2020 election in Windham, New Hampshire.

    Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of optical-scan voting machines (possibly over several years of use) can cause paper-fold lines in absentee ballots to be interpreted as votes… New Hampshire (and other states) may need to maintain the accuracy of their optical-scan voting machines by paying attention to three issues:...

  8. Upcoming Speaking Engagements

    This is a current list of where and when I am scheduled to speak:

  9. TikTok Can Now Collect Biometric Data

    This is probably worth paying attention to:

    A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began...

  10. Friday Squid Blogging: Fossil of Squid Eating and Being Eaten

    We now have a fossil of a squid eating a crustacean while it is being eaten by a shark.

    As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

    Read my blog posting guidelines here.

Copyright © 2021 Sensible Voice, LLC. All Rights Reserved.
1 High Street • Brandon, VT 05733